<?php
	//Start session
	session_start();
	
	require_once('auth.php');
	
	//Include database connection details
	require_once('../../connection/config.php');
	
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
	
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$quantity = clean($_POST['quantity']);
	$total = clean($_POST['total']);
	$date = clean($_POST['date']);
	
	//get product_id
	$id = $_GET['id'];
	//get the product details from the product_details table based on the product_id
	$results=mysql_query("SELECT * FROM product_details WHERE product_id='$id'")
	or die("The system is experiencing technical issues. Please try again after a few minutes.");
	
	//storing the pizza type and price into variables
	$row=mysql_fetch_array($results);
	$PizzaType=$row['Pizza_Type'];
	$Price=$row['Price'];
	
	//get the billing_id from the billing_details table based on the member_id in auth.php
	$memberId=$_SESSION['SESS_MEMBER_ID'];
	$qry=mysql_query("SELECT * FROM billing_details WHERE member_id='$memberId'")
	or die("The system is experiencing technical issues. Please try again after a few minutes.");
	
	//storing the billing_id into a variable
	$row=mysql_fetch_array($qry);
	$BillingID=$row['billing_id'];
	
	if(isset($_GET['id']))
	{
	//Create INSERT query
	$qry = "INSERT INTO orders_details(member_id,billing_id,Pizza_Type,Price,Quantity,Total_Cost,Order_Date) VALUES('$memberId','$BillingID','$PizzaType','$Price','$quantity','$total','$date')";
	mysql_query($qry);
	
	header("location: member-index.php");
		
	}else {
		die("Order processing failed! Please try again after a few minutes.");
	}
?>